worker_processes auto;

pid /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    proxy_send_timeout 120;
    proxy_buffering    off;
    tcp_nodelay        on;
    client_max_body_size 50000m;
    chunked_transfer_encoding on;

    upstream DOCKER_HUB {
        server {{ nexus_proxy_address }}:{{ nexus_hub_port }};
    }

    upstream NEXUS {
        server {{ nexus_proxy_address }}:{{ nexus_port }};
    }

    server {
        listen 443 ssl http2 default_server;

        server_name {{ nexus_proxy_docker_server_name }};

        ssl_certificate /etc/nginx/ssl/certs/nexus-proxy.pem;
        ssl_certificate_key /etc/nginx/ssl/private/nexus-proxy.key;
        ssl_dhparam /etc/nginx/ssl/dhparams.pem;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
        ssl_ecdh_curve secp384r1;
        ssl_session_cache shared:SSL:10m;
        ssl_session_tickets off;
        ssl_stapling on;
        ssl_stapling_verify on;
        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
        add_header X-Frame-Options DENY;
        add_header X-Content-Type-Options nosniff;

        location / {
                proxy_pass  http://DOCKER_HUB;
                proxy_set_header    X-Real-IP           $remote_addr;
                proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
                proxy_set_header    X-Forwarded-Proto   $scheme;
                proxy_set_header    Host                $host;
                proxy_set_header    X-Forwarded-Host    $host;
                proxy_set_header    X-Forwarded-Port    $server_port;
        }
    }

    server {
        listen 80 default_server;

        server_name {{ nexus_proxy_server_name }};

        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
        add_header X-Frame-Options DENY;
        add_header X-Content-Type-Options nosniff;

        location / {
                proxy_pass  http://NEXUS;
                proxy_set_header    X-Real-IP           $remote_addr;
                proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
                proxy_set_header    X-Forwarded-Proto   $scheme;
                proxy_set_header    Host                $host;
                proxy_set_header    X-Forwarded-Host    $host;
                proxy_set_header    X-Forwarded-Port    $server_port;
        }
    }
}